[AWS CLI] #aws #cheatsheet
### Walkthrough #1: Create our first virtual machine in the cloud
# get list of commands useful for EC2
aws ec2 help | grep "\sdescribe"
# create an SSH keypair for AWS
aws ec2 create-key-pair --key-name MyKeyPair --query 'KeyMaterial' --output text > MyKeyPair.pem
# verify that AWS knows about our newly created key
aws ec2 describe-key-pairs --key-names MyKeyPair
# the private key is used to access all machines in AWS that it is assigned to,
# so it is important to KEEP IT SAFE!!!
# it is best practice to restrict this key file's permissions to owner read-only
chmod 400 MyKeyPair.pem
# we're also going to need a security group that is going to be attached to the instance
# A security group defines which network traffic is allowed for the resources it is attached to.
# create a security group which will get attached to our instance
aws ec2 create-security-group --group-name my-sg --description "My security group"
# verify its creation
aws ec2 describe-security-groups --group-names my-sg
# since security groups don't auto-create inbound rules upon initialization, we will need to create some ourselves
# add an inbound rule to the group that allows TCP traffic on port 22 from the IP range of 203.0.113.0/24
aws ec2 authorize-security-group-ingress --group-name my-sg --protocol tcp --port 22 --cidr 203.0.113.0/24
# get a list of AMIs, filter list to only include Xenial AMIs
aws ec2 describe-images --filters "Name=description,Values=*xenial*"
# set the size of our EC2 instance to `t2.micro`, which is free-tier eligible for new customers,
# and run the instance
aws ec2 run-instances --instance-type t2.micro --key-name MyKeyPair --security-groups my-sg --image-id ami-760aaa0f
# verify that the instance is running
aws ec2 describe-instances --instance-ids i-04240cbed0bac7da6
# terminate the instance
aws ec2 terminate-instances --instance-ids i-04240cbed0bac7da6
# if we wanted to STOP the instance instead of TERMINATE it, we'd run
aws ec2 stop-instances --instance-ids i-04240cbed0bac7da6
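
In the walkthrough, `create-key-pair ... > MyKeyPair.pem` creates the key file with the shell's default umask (typically 022, so mode 0644), and it stays readable by other local users until `chmod 400` runs. The block below is an added example, not part of the original gist: the helper names `save_private_key`, `key_mode` and `key_is_private` are hypothetical, and they create the file already restricted and verify the mode before the key is used.

```shell
#!/bin/sh
# Added example (not from the gist): write private-key material so it is never
# group- or world-readable, then verify the mode before the key is used.

# save_private_key DEST: read key material on stdin, write it to DEST as 0400.
# The umask is changed inside a subshell so the caller's umask is untouched.
save_private_key() {
    dest=$1
    if [ -e "$dest" ]; then
        echo "refusing to overwrite existing key: $dest" >&2
        return 1
    fi
    (
        umask 077      # files created here get at most mode 0600
        set -C         # noclobber: fail if DEST appears in the meantime
        cat > "$dest"
    ) || return 1
    # An empty file means the upstream command produced no key material.
    if [ ! -s "$dest" ]; then
        rm -f "$dest"
        echo "no key material received" >&2
        return 1
    fi
    chmod 400 "$dest"
}

# key_mode FILE: print the octal permission bits (GNU stat first, then BSD stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# key_is_private FILE: succeed only if group and other have no access bits set.
key_is_private() {
    mode=$(key_mode "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Intended use with the command from the walkthrough (needs AWS credentials):
#   aws ec2 create-key-pair --key-name MyKeyPair --query 'KeyMaterial' \
#       --output text | save_private_key MyKeyPair.pem
```

If the API call fails and nothing arrives on stdin, the helper removes the empty file instead of leaving a zero-byte `.pem` behind.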
# every instance has a metadata endpoint accessible from within the instance via the address:
# 169.254.169.254
# note: the plain GET requests below use IMDSv1; on instances that require IMDSv2
# they return 401 until a session token is supplied
# run an instance
aws ec2 run-instances --instance-type t2.micro --key-name MyKeyPair --security-groups my-sg --image-id ami-760aaa0f --iam-instance-profile Name="role1-instance-profile"
# ssh into instance
ssh -i /srv/resources/MyKeyPair.pem [email protected]
# configure curl to start a new line after the result of a call
echo '-w "\n"' >> ~/.curlrc
# hit metadata endpoint
curl 169.254.169.254/
# check out latest metadata
curl 169.254.169.254/latest/meta-data/
# check out IAM role (the response contains the role's temporary credentials, so treat it as secret)
curl 169.254.169.254/latest/meta-data/iam/security-credentials/role1
# get availability zone
curl 169.254.169.254/latest/meta-data/placement/availability-zone
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllObjectAccess",
      "Effect": "Deny",
      "Principal": "*",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::mybucket/*"
    }
  ]
}
# create an S3 bucket
aws s3 mb s3://<bucket_name>
# list all buckets owned by the user
aws s3 ls
# copy local file to s3 bucket
aws s3 cp test_file s3://mybucket
# list contents of a bucket
aws s3 ls s3://mybucket
# copy a file from S3 to local machine
aws s3api get-object --bucket mybucket --key test_file copy
# attach a bucket policy (a JSON document controlling access rights to the bucket)
aws s3api put-bucket-policy --policy file://policy.json --bucket mybucket